<?php
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//
// DLMan by Shedd Technologies International		  				//
// http://www.dlman.com | info@dlman.com							//
// Copyright 2003 by STI, All rights reserved.						//
// ---------------------------------------------------------------- //
// Usage of this software is governed by the terms of GPL. 	    	//
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//

require_once("global.php");
error_reporting (E_ERROR | E_PARSE);
ob_start();//start content buffer
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
	if(isset($farea)&&$farea==""){
		?>
		<P><FONT face=Verdana><b>File Management</b></FONT></P>
		<?php
	}
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
	//New File
	elseif($farea=="new"){
		// code that will be executed if the form has been submitted:
		///////////////////////////////////////////////////////////////////
		if($submit){
			if(is_array($HTTP_POST_FILES)){
	    		$form_data=$HTTP_POST_FILES['form_data']['tmp_name'];
	    		$form_data_name=$HTTP_POST_FILES['form_data']['name'];
	    		$form_data_size=$HTTP_POST_FILES['form_data']['size'];
				$form_data_type=$HTTP_POST_FILES['form_data']['type'];
    		}
			
			if($this->cs['max_file_size']>filesize($form_data)){
				die("File Size is Larger Than Specified Allowed Value");
			}
			
			if($form_assoc=="") $form_assoc="NONE";
		    
		    //$data = fread(fopen($form_data, "rb"), filesize($form_data));
			
			$filedat=fopen($form_data,"rb");
	    	$filestuff=fread($filedat,filesize($form_data));
	    	fclose($filedat);
			
		    $result=mysql_query("
				INSERT INTO ".$config->dt['files']." (
					id,
					name,
					description,
					data,
					downloads,
					license,
					properties,
					item_number,
					permissions,
					cost,
					update_cost,
					php,
					version,
					fileupdate_timestamp,
					term,
					term_type,
					download,
					purchase,
					associated
				) ".
		        "VALUES (
					'',
					'$form_name',
					'$form_description',
					'".addslashes($filestuff)."',
					'$form_downloads',
					'$form_license',
					'".addslashes($form_data_name)."|$form_data_size|$form_data_type',
					'item_number',
					'$form_perm',
					'$form_cost',
					'$form_ucost',
					'$form_php',
					'$form_version',
					'".time()."',
					'$form_term',
					'$form_term_type',
					'$form_download',
					'$form_purchase',
					'$form_assoc'
				)");//properties: filename,filesize,filetype
		    if(!$result){
				print "Entry failed!<br>";
				print mysql_error();
			}
			else{
				print "Entry successful!<br>";
				$id=mysql_insert_id();
			    print "<p>This file has the following Database ID: <b>$id</b>";
			}
		}
		///////////////////////////////////////////////////////////////////
		else{
		    // else show the form to submit new data:
			print file_form($variable_that_should_be_without_a_value_98765432115874521585_xyz,$farea);
		}
	}
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
	//Manage Files
	elseif($farea=="manage"){
		if(!isset($submit)) $submit=false;
		if(!$submit){//check for form submission
			//output list of files
			$sql="SELECT * FROM ".$config->dt['files'];
			$result=mysql_query($sql);
			//check for success
			if(!$result){
				print "Failure to Pull File Data!";
			}
			else{
			?>
				<table align="center" cellspacing="0" cellpadding="2" border="0" width="100%">
				<tr bgcolor="#ececec">
					<td></td>
					<td></td>
				    <td><P align=center><STRONG>Name</STRONG></P></td>
					<td></td>
				    <td><P align=center><STRONG>File</STRONG></P></td>
					<td></td>
				    <td><P align=center><STRONG>Description</STRONG></P></td>
					<td></td>
				    <td><P align=center><STRONG>Downloads</STRONG></P></td>
					<td></td>
				    <td><P align=center><STRONG>Version</STRONG></P></td>
				</tr>
				<form action="<?php print $PHP_SELF; ?>" method="post">
				<input type="hidden" name="farea" value="<?php print $farea; ?>">
				<input type="hidden" name="submit" value="true">
			<?php
				while($value=mysql_fetch_array($result)){
					//format property text
					$property_array=explode("|",$value['properties']);
					$property=$property_array[0]." (".$property_array[2].")";
					//cut description
					$descrp=substr($value['description'],0,100);
					//check to see if it is greater than 100 chars for ellipsis
					if(isset($value['description'][101]))
						$long=true;
					?>
						<!--<?php print $value['id']; ?> ROW-->
						<tr>
							<td colspan="11" bgcolor="black"></td>
						</tr>
						<tr>
							<td><input type="radio" name="id" value="<?php print $value['id']; ?>" style="background: white;"></td>
							<td>&nbsp;&nbsp;</td>
						    <td><?php print $value['name']; ?></td>
							<td>&nbsp;&nbsp;</td>
						    <td><?php print $property; ?></td>
							<td>&nbsp;&nbsp;</td>
						    <td><?php print $descrp; if($long) print "..."; ?></td>
							<td>&nbsp;&nbsp;</td>
						    <td><?php print $value['downloads']; ?></td>
							<td>&nbsp;&nbsp;</td>
						    <td><?php print $value['version']; ?></td>
						</tr>
						<!--END <?php print $value['id']; ?> ROW-->
					<?php
				}//end while loop
				?>
					<tr>
						<td colspan="11" bgcolor="black"></td>
					</tr>
					<tr>
						<td colspan="11" bgcolor="#ececec" align="center">&nbsp;<input type="submit" value="Select" class="prefinput">&nbsp;</td>
					</tr>
					</table>
					</form>
				<?php
			}//end else
		}//end form not submitted
		else{//form was submitted
			if(!isset($edit)){//no edit command
				//display form for management
				print file_form($id,$farea);
			}
			else{//process updates
				if($form_assoc=="") $form_assoc="NONE";
				$sql="
				UPDATE ".$config->dt['files']." 
				SET name='$form_name',
					description='$form_description',
					downloads='$form_downloads',
					license='$form_license',
					item_number='item_number',
					permissions='$form_perm',
					cost='$form_cost',
					update_cost='$form_ucost',
					php='$form_php',
					version='$form_version',
					term='$form_term',
					term_type='$form_term_type',
					download='$form_download',
					purchase='$form_purchase',
					associated='$form_assoc'
				WHERE id='$file'";
				$result=mysql_query($sql);
				if(!$result){
					print "Error updating data!<br>";
					print mysql_error();
				}
				else{
					$redir="<script language=\"javascript\">window.location=\"admin.php?farea=manage\";</script>\n";
					print "Update Successful!";
					print $redir;
				}
			}//end process update
		}//end form submitted
	}//end area = manage
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
	//Update File Binary Data
	elseif($farea=="binup"){
		if(!$submit){//form not submitted
			//pull data
			$sql="SELECT * FROM ".$config->dt['files']." WHERE id='".$file."'";
			$result=mysql_query($sql);
			$value=mysql_fetch_array($result);
			//format property text
			$property_array=explode("|",$value['properties']);
			$property="<u>".$property_array[0]."</u> [Size: $property_array[1]] (Type: ".$property_array[2].")";
			?>
			<div align="center">
			<form name="file_form" method="post" action="<?php echo $PHP_SELF; ?>" enctype="multipart/form-data">
			<input type="hidden" name="submit" value="true">
			<input type="hidden" name="farea" value="<?php print $farea; /*param*/?>">
			<b>Existing File:</b>&nbsp;<?php print $property; ?> &lt;Last Updated <?php print date("F d, Y H:m:s",$value['fileupdate_timestamp']); ?>&gt;<br>
			<b>New Version of File:</b>&nbsp;<input type="file" name="form_data" size="40">
			<input type="hidden" name="file" value="<?php print $file; ?>">
			<br><input type="Submit" value="Update" class="but" name="SUBMIT">
			</form>
			<br>
			<script language="JavaScript" type="text/javascript">
			<!--Hide Script from Old Browsers
			//Check to make sure that the user really wants to delete file
			function doVerify(closerequest){
				var txt="Are you sure that you want to delete this file?  THIS ACTION CAN NOT BE UNDONE!"
				if(!confirm(txt)){
					alert("File was not deleted!");
					return false;
				}
				else{
					return true;
				}
			}
			//End Hide-->
			</script>
			<form method="post" action="<?php print $PHP_SELF; ?>" onsubmit="return doVerify(this);">
				<input type="hidden" name="action" value="cc_delete">
				<input type="hidden" name="thetype" value="<?php print $config->dt['files']; ?>">
				<input type="hidden" name="idfield" value="id">
				<input type="hidden" name="idval" value="<?php print $file; ?>">
				<input type="hidden" name="urlback" value="<?php print "$PHP_SELF?farea=$farea"; ?>">
				<input type="hidden" name="confirm" value="Yes">
				<input type="submit" value="DELETE FILE" class="but">
			</form>
			</div>
			<?php
		}
		else{//form submitted
			
			if(is_array($HTTP_POST_FILES)){
	    		$form_data=$HTTP_POST_FILES['form_data']['tmp_name'];
	    		$form_data_name=$HTTP_POST_FILES['form_data']['name'];
	    		$form_data_size=$HTTP_POST_FILES['form_data']['size'];
				$form_data_type=$HTTP_POST_FILES['form_data']['type'];
	    	}
			
			$filedat=fopen($form_data,"rb");
	    	$filestuff=fread($filedat,filesize($form_data));
	    	fclose($filedat);
			
			$sql="UPDATE ".$config->dt['files']." 
			SET data='".addslashes($filestuff)."',
			properties='".addslashes($form_data_name)."|$form_data_size|$form_data_type',
			fileupdate_timestamp='".time()."' WHERE id='$file'";
			$result=mysql_query($sql);
			if(!$result){
				print "Error Updating File!<br>";
				print mysql_error();
			}
			else{
				$redir="<script language=\"javascript\">window.location=\"admin.php?farea=manage\";</script>\n";
				print "Update Successful!";
				print $redir;
			}
		}//end form submitted
	}
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
$content=ob_get_contents();//store content to global buffer var
ob_end_clean();

//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
//FUNCTIONS
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
function file_form($file,$farea){
	global $config,$PHP_SELF,$mysql;
	/*
	if file is set, it is being called from the update block
		- pull data from the form fields so that user can update
	else
		-display blank fields -> new file
	*/
	ob_start();//start content buffer
	
	if(isset($file)){
		//pull data from the database for the file, if it is set
		$sql="SELECT * FROM ".$config->dt['files']." WHERE id='".$file."'";
		$result=mysql_query($sql);
		if(!$result){
			print "Problem Querying Database!";
		}
		else{
			$value=mysql_fetch_array($result);
		}
	}
	?>
		<Script language="JavaScript" type="text/javascript">
		//if user selects paid, put cursor in cost box
		function Cost(Meth){
			formControl(document.file_form.form_assoc);
			if(Meth=='paid'){
				alert("Please enter the cost!");
				document.file_form.form_cost.value="";
				document.file_form.form_cost.focus();
				document.file_form.form_assoc.value="NONE";
			}//end if
			if(Meth=='free'){
				document.file_form.form_cost.value="FREE";
				document.file_form.form_ucost.value="FREE";
				//formControl(document.file_form.form_term);
			}
			return true
		}//end Cost
		
		//Disable form element
		function formControl(submitted) 
		{
			if(submitted.disabled)
				submitted.disabled=false;
			else
				submitted.disabled=true;
			return true;
		}
		</SCRIPT>
		<TABLE width="100%">
		<form name="file_form" method="post" action="<?php echo $PHP_SELF; ?>" enctype="multipart/form-data">
		<input type="hidden" name="submit" value="true">
		<input type="hidden" name="edit" value="true">
		<input type="hidden" name="file" value="<?php print $file;/*param*/ ?>">
		<input type="hidden" name="farea" value="<?php print $farea; /*param*/?>">
		<TR CLASS="back">
		<TD COLSPAN="1" ALIGN="CENTER"><BR>
		      <TABLE BORDER="0" CELLPADDING="2" CELLSPACING="0" width="100%">
		        <tr bgcolor="#b7b7b7"> 
		          <td colspan="3"><b><?php isset($file) ? print "Manage" : print "New" ; ?> File</b></td>
		        </tr>
		        <TR> 
		          <TD width="137" bgcolor="#efefef" align="right">File Name:</TD>
		          <TD width="223"> 
		            <input type="text" name="form_name" size="40" value="<?php print $value['name']; ?>">
		          </TD>
		          <TD width="233"><font size="1">This name will be used to identify the file to your clients.</font></TD>
		        </TR>
		        <TR> 
		          <TD width="137" bgcolor="#efefef" align="right">File to upload/store in database:</TD>
		          <TD width="223">
				  	<?php
					if(!isset($file)){
			            ?>
							<input type="file" name="form_data" size="40">
						<?php
					}
					else{
						?>
						<a href="<?php print $PHP_SELF; ?>?farea=binup&file=<?php print $file; /*param*/ ?>">Click Here to Update File</a>
						<?php
					}
					?>
		          </TD>
		          <TD width="233">&nbsp;</TD>
		        </TR>
		        <TR> 
		          <TD width="137" bgcolor="#efefef" align="right">File Description:</TD>
		          <TD align="left" valign="top" colspan="2"> 
		            <textarea class="prefinput" name="form_description" cols="60" rows="12"><?php print $value['description']; ?></textarea>
		          </TD>
		        </TR>
				<TR>
		          <TD width="137" bgcolor="#efefef" align="right">PHP Code Executed on Download:&nbsp;</TD>
		          <TD align="left" valign="top" colspan="2">
				  	<div style="background: yellow; width: 450px;">
						<li>DO NOT INCLUDE <b>&lt;?php</b> OR <b>&lt;?</b> OR <b>&lt;%</b> OR <b>?&gt;</b> OR <b>%&gt;</b></li>
						<li>MySQL Database Commands for the database <b><?php print $mysql['db']; ?></b> are valid</li>
						<li>Printing or echoing output may result in errors due to header function use</li>
					</div>
		          	<textarea class="prefinput" name="form_php" cols="60" rows="12"><?php print $value['php']; ?></textarea>
		          </TD>
		        </TR>
				<TR>
		          <TD width="137" bgcolor="#efefef" align="right">Permissions:&nbsp;</TD>
		          <TD align="left" valign="top" colspan="2">
						<table cellspacing="0" cellpadding="2" border="0">
							<tr>
							    <td>
									<select onchange="Cost(this.form.form_perm.value)" name="form_perm" size="1" class="prefinput">
										<option value="free" <?php if($value['permissions']=="free") print "SELECTED"; ?>>Free</option>
										<option value="paid" <?php if($value['permissions']=="paid") print "SELECTED"; ?>>Paid</option>
									</select>
								</td>
							    <td>
									Associated Cost:&nbsp;$<input type="text" name="form_cost" size="25" value="<?php if(isset($file)) print $value['cost']; else print "FREE"; ?>"><br>
									Associated Renewal Cost:&nbsp;$<input type="text" name="form_ucost" size="25" value="<?php if(isset($file)) print $value['update_cost']; else print "FREE"; ?>"><br>
									Associated Product:&nbsp;
									<select name="form_assoc" size="1" class="prefinput" <?php if($value['permissions']=="paid") print "disabled"; ?>>
										<option value="NONE" <?php if(!isset($file)) print "SELECTED"; ?>>None</option>
										<?php
											$s="SELECT * FROM ".$config->dt['files'];
											print $s;
											$r=mysql_query($s);
											while($v=mysql_fetch_array($r)){
												if($v['id']!=$file){
													print '<option value="'.$v['id'].'" ';
													if($value['associated']==$v['id']) print "SELECTED";
													print '>'.$v['name'].'</option>';
												}/*
												else{
													print '<option value="NONE" SELECTED>(No Other Files)</option>';
												}*/
											}//end while
										?>
									</select>
								</td>
							</tr>
						</table>
		          </TD>
		        </TR>
		        <TR>
		          <TD width="137" bgcolor="#efefef" align="right">License:&nbsp;</TD>
		          <TD align="left" valign="top" colspan="2">
		          	<select name="form_license" size="1" class="prefinput">
						<option value="" <?php if(!isset($file)) print "SELECTED"; ?>>Select License</option>
						<?php
							$s="SELECT * FROM ".$config->dt['license'];
							$r=mysql_query($s);
							while($v=mysql_fetch_array($r)){
								?>
								<option value="<?php print $v['id']; ?>" <?php if($value['license']==$v['id']) print "SELECTED"; ?>><?php print $v['title']; ?></option>
								<?php
							}//end while
						?>
					</select>
		          </TD>
		        </TR>
				 <TR> 
		          <TD width="137" bgcolor="#efefef" align="right">File Downloads:</TD>
		          <TD width="223"> 
		            <input type="text" name="form_downloads" size="15" value="<?php if(!isset($file)) print "0"; else print $value['downloads']; ?>">
		          </TD>
		          <TD width="233"><font size="1">This is the number of times this file was downloaded.  If you are entering already existing products, you may want to start this count at the existing value.</font></TD>
		        </TR>
				<TR> 
		          <TD width="137" bgcolor="#efefef" align="right">File Version:</TD>
		          <TD align="left" valign="top" colspan="2">
		            <input type="text" name="form_version" size="15" value="<?php print $value['version']; ?>">
		          </TD>
		        </TR>
				<TR> 
		          <TD width="137" bgcolor="#efefef" align="right">Term of Member Access:</TD>
		          <TD align="left">
		            <input type="text" name="form_term" size="15" value="<?php print $value['term']; ?>">
		          </TD>
				  <TD>
				  	<font size="1">This value is the length of time that members will be able to download the product from the member area.  <b>Term is defined in 
				  		<select name="form_term_type" size="1" class="prefinput">
							<option value="d" <?php if($value['term_type']=="d") print "SELECTED"; ?>>days</option>
							<option value="m" <?php if($value['term_type']=="m") print "SELECTED"; ?>>months</option>
							<option value="yyyy" <?php if($value['term_type']=="yyyy") print "SELECTED"; ?>>years</option>	
						</select>
					.</b></font>
				  </TD>
		        </TR>
				<TR> 
		          <TD width="137" bgcolor="#efefef" align="right">Downloadable:</TD>
		          <TD align="left">
		            <input type="radio" name="form_download" value="on" <?php if($value['download']=="on") print "CHECKED"; ?>>Yes&nbsp;&nbsp;<input type="radio" name="form_download" value="off" <?php if($value['download']=="off") print "CHECKED"; ?>>No
		          </TD>
				  <TD><font size="1">Should users be able to download your product?</font></TD>
		        </TR>
				<TR> 
		          <TD width="137" bgcolor="#efefef" align="right">Purchasable:</TD>
		          <TD align="left">
		            <input type="radio" name="form_purchase" value="on" <?php if($value['purchase']=="on") print "CHECKED"; ?>>Yes&nbsp;&nbsp;<input type="radio" name="form_purchase" value="off" <?php if($value['purchase']=="off") print "CHECKED"; ?>>No
		          </TD>
				  <TD><font size="1">Should users be able to purchase your product?  <b>This setting does not affect free and associated files.</b></font></TD>
		        </TR>
		        <TR bgcolor="#b7b7b7" align="center" valign="middle"> 
		          <TD colspan="3"> 
		            <input type="Submit" value="Store" class="but" name="SUBMIT">
		            <input type="Reset" class="but" name="Reset">
		          </TD>
		        </TR>
		      </TABLE>
		<BR></TD></TR></TABLE></TD></TR>
		</TABLE>
		</FORM>
	<?php
	$content=ob_get_contents();//store content to global buffer var
	ob_end_clean();
	return $content;
}//end function form_field
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
?>
